Skip to content

Commit d2d014c

Browse files
Domenico PanellaDomenico Panella
Domenico Panella
authored and
Domenico Panella
committed
Update
1 parent d2fa19b commit d2d014c

File tree

1 file changed

+16
-12
lines changed

1 file changed

+16
-12
lines changed

mklive.sh.in

Lines changed: 16 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@ umask 022
3232
readonly REQUIRED_PKGS="base-files libgcc dash coreutils sed tar gawk syslinux grub-i386-efi grub-x86_64-efi squashfs-tools xorriso"
3333
readonly INITRAMFS_PKGS="binutils xz device-mapper dhclient dracut-network openresolv"
3434
readonly PROGNAME=$(basename "$0")
35+
toSign=0
3536

3637
info_msg() {
3738
printf "\033[1m$@\n\033[m"
@@ -199,6 +200,11 @@ generate_isolinux_boot() {
199200
"$ISOLINUX_DIR"/isolinux.cfg
200201
}
201202

203+
dosign() {
204+
print_step "Signing $2..."
205+
sbsign --key $DBKEY --cert $DBCRT --output "$1".signed "$1"
206+
}
207+
202208
generate_grub_efi_boot() {
203209
cp -f grub/grub.cfg "$GRUB_DIR"
204210
cp -f grub/grub_void.cfg.in "$GRUB_DIR"/grub_void.cfg
@@ -237,9 +243,8 @@ generate_grub_efi_boot() {
237243
cp -f "$VOIDHOSTDIR"/tmp/bootia32.efi "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTIA32.EFI
238244

239245
#Bootloader signing
240-
if ([ $toSign ] && [ -f "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX32.EFI ]);then
241-
print_step "Signing BOOTX32.EFI..."
242-
sbsign --key $DBKEY --cert $DBCRT --output "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX32-signed.EFI "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX32.EFI
246+
if [ $toSign -eq 1 ] && [ -f "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX32.EFI ]; then
247+
dosign "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX32.EFI BOOTX32.EFI
243248
fi
244249

245250
xbps-uchroot "$VOIDHOSTDIR" grub-mkstandalone -- \
@@ -255,9 +260,8 @@ generate_grub_efi_boot() {
255260
cp -f "$VOIDHOSTDIR"/tmp/bootx64.efi "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX64.EFI
256261

257262
#Bootloader signing
258-
if ([ $toSign ] && [ -f "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX64.EFI ]);then
259-
print_step "Signing BOOTX64.EFI..."
260-
sbsign --key $DBKEY --cert $DBCRT --output "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX64-signed.EFI "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX64.EFI
263+
if [ $toSign -eq 1 ] && [ -f "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX64.EFI ]; then
264+
dosign "${GRUB_EFI_TMPDIR}"/EFI/BOOT/BOOTX64.EFI BOOTX64.EFI
261265
fi
262266

263267
umount "$GRUB_EFI_TMPDIR"
@@ -357,17 +361,17 @@ fi
357361

358362
#The -d and -t options are complementary. If one exists, the other must also exist.
359363
#If these options are set, I also check sbsign command.
360-
if ([ -z $DBKEY ] && [ ! -z $DBCRT ]) || ([ ! -z $DBKEY ] && [ -z $DBCRT ]); then
364+
if ([ $DBKEY ] && [ ! $DBCRT ]) || ([ ! $DBKEY ] && [ $DBCRT ]); then
361365
die "Must be set a key and certificate via -d and -t option, exiting..."
362-
elif ([ $DBKEY ] && [ $DBCRT ]); then
363-
if [ $DBKEY ] && [ ! -f $DBKEY ]; then
366+
elif [ $DBKEY ] && [ $DBCRT ]; then
367+
if [ ! -f $DBKEY ]; then
364368
die "$DBKEY does not exist, exiting..."
365-
elif [ $DBCRT ] && [ ! -f $DBCRT ]; then
369+
elif [ ! -f $DBCRT ]; then
366370
die "$DBCRT does not exist, exiting..."
367-
elif ! [ -x "$(command -v sbsign)" ]; then
371+
elif ! command -v sbsign > /dev/null; then
368372
die "sbsign command does not exist, exiting..."
369373
else
370-
toSign=true
374+
toSign=1
371375
fi
372376
fi
373377

0 commit comments

Comments
 (0)